<?php 
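session_start();
// Authentication gate: a request without a logged-in session is sent to the login page.
if (!isset($_SESSION['Username'])) {
    header("location:login.php");
    // header() only queues the redirect. Without exit the rest of this page, including
    // the included header, menu and status fragments, would still be rendered and sent
    // to a client that simply ignores the Location header.
    exit;
}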
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Manager Home</title>
<link href="css/default.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="scripts/rand_password.js"></script>
<?php include('includes/path.php'); ?>

</head>
<body class="oneColFixCtrHdr">
<div id="container">
<?php include( 'includes/header.php' ); ?>
<?php include( 'includes/menu.php' ); ?>
<?php include ('includes/status.php'); ?>

  <div id="mainContent">
      
<!--     <table align ="center">
                <tr><td style="font-size: 20px; text-align: center;"><a href="./addvendor.php">Click here to Add and/or Remove Vendors</a></td>
				<td style="font-size: 20px; text-align: center;"><a href="./editvendors.php">Click here to Edit Vendors Inventory</a></td></tr>
                
     </table>
-->  
     <?php
	// Echo back the posted Username, HTML-escaped; prints nothing when the field is absent.
	$uname = '';
	if (isset($_POST['Username'])) {
		$uname = htmlspecialchars($_POST['Username']);
	}
	echo $uname;
	// db.php supplies the database settings as plain variables: USER, PASS, DB
	// (the connect call further down also reads $HOST, presumably set there too).
	// NOTE(review): this is a credentials file sitting beside the page; confirm it is
	// never served as plain text and cannot be fetched under another extension.
	include('db.php');

    ?>
 <form action="manager.php" method="post" enctype="multipart/form-data" name="manager" target="_parent"> 
 <?php

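	// Manager-only section. Order of work: connect, resolve the acting manager, apply any
	// approve/deny decisions posted by the form, then render the pending requests and the
	// purchase-order history.
	//
	// NOTE(review): the mysql_* extension was removed in PHP 7; the durable fix is PDO or
	// mysqli with prepared statements. Until that migration, every value placed into SQL
	// here is cast to int or passed through mysql_real_escape_string(), and every database
	// value placed into HTML goes through htmlspecialchars().
	// NOTE(review): the surrounding form changes state but carries no anti-CSRF token;
	// add a per-session token and verify it before the processing loop.
	if(isset($_SESSION['manager']) && $_SESSION['manager']) 
	{
		$TABLE = "Order_Requests";
		$ROW_NUMBER = 0;

		$CON = mysql_connect( $HOST, $USER, $PASS );

		if (!$CON)
		{
			// Driver error text can reveal host and account details, so it goes to the
			// server log rather than into the response.
			error_log('Manager page: could not connect: ' . mysql_error());
			die('Could not connect.');
		}

		mysql_select_db( $DB );

		// Resolve the acting manager's user_id from the session login.
		// htmlspecialchars() is kept so the lookup value matches what the original compared
		// against, but it is not an SQL defence (it leaves single quotes alone by default),
		// so the value is escaped for SQL as well.
		$uname = (isset($_SESSION['Username']) ? htmlspecialchars($_SESSION['Username']) : '');
		$qry = "SELECT * FROM Users where login = '" . mysql_real_escape_string($uname, $CON) . "'";
		$managerResult = mysql_query( $qry );
		$manager = $managerResult ? mysql_fetch_assoc( $managerResult ) : false;
		// NOTE(review): when the session login has no Users row, decisions are still
		// recorded with a blank manager_id, as before; consider refusing them instead.
		$managerID = $manager ? $manager['user_id'] : '';
		$managerSql = mysql_real_escape_string($managerID, $CON);

		// Which "Sort By" button was pressed; the default is sort by user.
		$sortBy=1;
		if(isset($_POST['sort_user'])) $sortBy=1;
		else if(isset($_POST['sort_quantity'])) $sortBy=2;
		else if(isset($_POST['sort_price'])) $sortBy=3;

		// Row count announced by the form. It is client-supplied, so it is cast to int
		// and bounded: every rendered row posts at least its hidden Request field, which
		// means a genuine submission never has more rows than POST fields.
		$numberOfRequest = (isset($_POST['numberOfRows']) && is_string($_POST['numberOfRows'])) ? (int) $_POST['numberOfRows'] : 0;
		$numberOfRequest = min($numberOfRequest, count($_POST));

		$date = date("Y-m-d");

		while($numberOfRequest>0)
		{
			$numberOfRequest --;
			$quant = "Quantity$numberOfRequest";
			$Request = "Request$numberOfRequest";
			$price_selected = "Price$numberOfRequest";

			// Request ids go into SQL unquoted, so they are forced to integers.
			// The "Deny" checkbox is named by row number and carries the request id.
			$tmp = (isset($_POST[$numberOfRequest]) && is_string($_POST[$numberOfRequest])) ? (int) $_POST[$numberOfRequest] : 0;
			$order = (isset($_POST[$Request]) && is_string($_POST[$Request])) ? (int) $_POST[$Request] : 0;
			$TotalQuantity = (isset($_POST[$quant]) && is_string($_POST[$quant])) ? trim($_POST[$quant]) : '';

			// The vendor drop-down posts its visible text, "Company name ($cost)". Only the
			// trailing parenthesised amount is taken, so digits or punctuation in a company
			// name can no longer leak into the price.
			// NOTE(review): the unit price is still client-supplied; it should be looked up
			// from Parts on the server, which needs the option to post a vendor id instead.
			$price_for_one = '';
			if (isset($_POST[$price_selected]) && is_string($_POST[$price_selected])
				&& preg_match('/\(\$\s*([0-9]+(?:\.[0-9]+)?)\s*\)\s*$/', $_POST[$price_selected], $priceMatch))
			{
				$price_for_one = $priceMatch[1];
			}

			// Work out the decision for this row. A filled-in quantity means "approve"
			// (and needs a vendor price); otherwise a ticked checkbox means "deny".
			$decidedId = 0;
			$approvedSql = 'false';
			$quantitySql = 0;
			$totalcost = 0;

			if(!empty($TotalQuantity))
			{
				if(!empty($price_for_one))
				{
					// Whole numbers only, at most five digits to match the form's maxlength.
					// NOTE(review): relax this if fractional quantities are legitimate.
					if(preg_match('/^[0-9]{1,5}$/', $TotalQuantity) && (int) $TotalQuantity > 0)
					{
						$decidedId = $order;
						$approvedSql = 'true';
						$quantitySql = (int) $TotalQuantity;
						$totalcost = $price_for_one * $quantitySql;
					}
					else echo "Not valid!";
				}
			}
			else if(!empty($tmp))
			{
				$decidedId = $tmp;
			}

			if($decidedId > 0)
			{
				$requestResult = mysql_query( "SELECT * FROM Order_Requests where request_id = $decidedId" );
				$request = $requestResult ? mysql_fetch_assoc( $requestResult ) : false;

				// Nothing is written for an id that matches no pending request.
				if($request)
				{
					// Stored values are escaped again before reuse in SQL.
					$reqUser = mysql_real_escape_string($request['user_id'], $CON);
					$reqDate = mysql_real_escape_string($request['date'], $CON);
					$reqPart = mysql_real_escape_string($request['part_id'], $CON);

					// Record the decision first and delete the request only when that
					// succeeded, so a failed insert cannot lose the request.
					$inserted = mysql_query("Insert INTO  Purchase_Orders (approved,user_id,quantity,submit_date,manager_id,fulfillment_date, total_cost, part_id) VALUES ($approvedSql, '$reqUser', '$quantitySql', '$reqDate','$managerSql', '$date','$totalcost','$reqPart')");
					if($inserted)
					{
						mysql_query( "Delete FROM Order_Requests where request_id = $decidedId" );
					}
				}
			}
		}

		// ---- Pending order requests ----
		$QRY = 'SELECT * FROM  '.$TABLE.' ORDER BY date ASC';
		$RESULT = mysql_query($QRY);

		echo '<table style="width: 100%; border: 5px #aba groove;">';
		echo '<tr style="background-color: #77C48E;" align = "center"><th colspan=7>Pending Order Requests</th></tr>';
		echo '<tr style="background-color: #D6B376;">
			<th style="text-align: center; width:50px;">Deny</th>

			<th style="text-align: center;">Date Submitted</th>
			<th style="text-align: center;">User</th>
			<th style="text-align: center;">Part</th>
			<th style="text-align: center;">Qty Wanted</th>
			<th style="text-align: center;">Qty Ordered</th>
			<th style="text-align: center;">Vendor</th></tr>';

		while($RESULT && ($ROW = mysql_fetch_array($RESULT)))
		{
			$rowColor = ( $ROW_NUMBER % 2 ) ? 'FFF' : 'DEDEDE';
			$requestIdAttr = (int) $ROW['request_id'];
			$partIdSql = mysql_real_escape_string($ROW['part_id'], $CON);

			// All Parts rows for this part, one per vendor offering it.
			$RESULT2 = mysql_query('SELECT * FROM  Parts where part_id =  "' . $partIdSql . '"');

			// Values read from the database are escaped for HTML before being printed.
			echo '<tr style="background-color: #' . $rowColor . ';">';
			echo '<td style = "text-align: center;"><input type="checkbox" name="'.$ROW_NUMBER.'" value="'.$requestIdAttr.'" /></td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['date'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['user_id'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['part_id'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['quantity'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;"><input name="Quantity'.$ROW_NUMBER.'" type="text" size="5" maxlength="5"/></td>
				<td style = "text-align: center;">
				<select name="Price'.$ROW_NUMBER.'" class="dropdownmenus">
				<option selected>Choose Vendor</option>';

			while($RESULT2 && ($ROW2 = mysql_fetch_array($RESULT2)))
			{
				$vendorIdSql = mysql_real_escape_string($ROW2['vendor_id'], $CON);

				$compResult = mysql_query('SELECT * FROM  Vendors where vendor_id =  "' . $vendorIdSql . '"');
				$compname = $compResult ? mysql_fetch_array($compResult) : false;

				$priceResult = mysql_query('SELECT * FROM  Parts where vendor_id =  "' . $vendorIdSql . '" and part_id = "' . $partIdSql . '"');
				$price = $priceResult ? mysql_fetch_array($priceResult) : false;

				// The browser decodes the entities again before posting the option text,
				// so escaping here does not change what the handler above receives.
				$vendorLabel = ($compname ? $compname['company_name'] : '') . ' ($' . ($price ? $price['cost'] : '') . ')';
				echo '<option text-align = "center">' . htmlspecialchars($vendorLabel, ENT_QUOTES) . '</option>';
			}

			echo'</select></td><td><input type="hidden" name="Request'.$ROW_NUMBER.'" value="'.$requestIdAttr.'"></td></tr>';
			$ROW_NUMBER++;
		}
		echo '<input type="hidden" name="numberOfRows" value="'.$ROW_NUMBER.'">';

		echo '<tr><td style="text-align: right;"></td><td style="text-align: right;"></td><td style="text-align: right;"></td><td style="text-align: right;"></td><td></td><td></td>
			<td style="text-align: right;"><input type="submit" value="Send Order(s)"></td></tr>';

		echo '</table>';

		echo  "<hr>";

		// ---- Past orders ----
		echo '<table style="width: 100%; border: 5px #aba groove;">';
		echo '<tr style="background-color: #77C48E;" align = "center"><th colspan=9>Past Orders</th></tr>';
		echo '<tr style="background-color: white;" align = "center"><th colspan=3><input type="submit" name="sort_user" value="Sort By User"></th>
		<th colspan=3><input type="submit" name ="sort_price" value="Sort By Price"></th>
		<th colspan=3><input type="submit" name="sort_quantity" value="Sort By Quantity"></th></tr>';
		echo '<tr style="background-color: #D6B376;">
			<th style="text-align: center;">Y/N</th>
			<th style="text-align: center;">User</th>
			<th style="text-align: center;">Submitted</th>
			 <th style="text-align: center;">Fullfilled</th>
			<th style="text-align: center;">Manager</th>
			<th style="text-align: center;">Part</th>
			<th style="text-align: center;">Qty</th>
			<th style="text-align: center;">Cost</th></tr>';

		$TABLE = "Purchase_Orders";

		// The ORDER BY column comes from this fixed list, never from request text.
		$sortColumns = array(1 => 'user_id', 2 => 'quantity', 3 => 'total_cost');
		$QRY = 'SELECT * FROM  '.$TABLE.' ORDER BY '.$sortColumns[$sortBy].' ASC';

		$RESULT = mysql_query($QRY);
		$ROW_NUMBER = 0;
		while($RESULT && ($ROW = mysql_fetch_array($RESULT)))
		{
			$rowColor = ( $ROW_NUMBER % 2 ) ? 'FFF' : 'DEDEDE';

			echo '<tr style="background-color: #' . $rowColor . ';">';
			echo '<td style = "text-align: center;">' . ($ROW['approved'] ? "Y" : "N") . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['user_id'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['submit_date'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['fulfillment_date'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['manager_id'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['part_id'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">' . htmlspecialchars($ROW['quantity'], ENT_QUOTES) . '</td>';
			echo '<td style = "text-align: center;">$' . htmlspecialchars($ROW['total_cost'], ENT_QUOTES) . '</td>';
			echo '</tr>';
			$ROW_NUMBER++;
		}

		echo '</table>';

		mysql_close($CON);
	}

	else echo "Managers Only!";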
    
?>
</form>
  <!-- end #mainContent --></div>
<?php include('includes/footer.php'); ?>
<!-- end #container --></div>
</body>
</html>
